BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Alibaba’s ‘ZeroSearch’ lets AI learn to google itself — slashing training costs by 88 percent
/in General NewsAlibaba’s ZeroSearch trains large language models to beat Google Search and slash API costs by 88%, redefining how AI learns to retrieve information.Read More
Security News | VentureBeat – Read More
PowerSchool paid a hacker’s ransom, but now schools say they are being extorted
/in General NewsSchools in Toronto and North Carolina are reporting extortion attempts.
Security News | TechCrunch – Read More
Toronto school district says data not deleted after ransom was paid to hacker
/in General NewsAfter paying the hacker a ransom, PowerSchool previously said it believed the incident had been “contained” because the hacker turned over a video showing the data being deleted.
The Record from Recorded Future News – Read More
LockBit’s Dark Web Domains Hacked, Internal Data and Wallets Leaked
/in General NewsLockBit’s dark web domains were hacked, exposing internal data, affiliate tools, and over 60,000 Bitcoin wallets in a…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
/in General NewsCybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered to steal digital assets from cryptocurrency wallets for several years.
The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.
“FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io
The Hacker News – Read More
Operation PowerOFF Takes Down 9 DDoS-for-Hire Domains
/in General NewsFour different countries, including the United States and Germany, were included in the latest international operation alongside Europol’s support.
darkreading – Read More
Fake Crypto Exchange Ads on Facebook Spread Malware
/in General NewsBitdefender exposes Facebook ad scams using fake crypto sites and celebrity lures to spread malware via malicious desktop…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Japan orgs targeted by CoGUI phishing kit impersonating Amazon, Rakuten
/in General NewsPeople and organizations across Japan are being inundated with phishing messages from cybercriminals who are using CoGUI, a sophisticated toolkit that lets them avoid detection.
The Record from Recorded Future News – Read More
Valarian Bags $20M Seed Capital for ‘Isolation-First’ Infrastructure Tech
/in General NewsBritish startup exits stealth with $20 million in seed-stage financing led by US investors Scout Ventures and Artis Ventures.
The post Valarian Bags $20M Seed Capital for ‘Isolation-First’ Infrastructure Tech appeared first on SecurityWeek.
SecurityWeek – Read More
Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware
/in General NewsThreat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024.
“NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,” Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl
The Hacker News – Read More